Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

• Critical infrastructure’s unique threat vectors
• The convergence of IT/OT with digital transformation
• Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

• Define the surface to be protected
• Map operational flows
• Build a zero trust architecture
• Draft a zero trust policy
• Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

• The report’s announcement “New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure”
• The full report “Zero Trust Guidance for Critical Infrastructure”
• A complementary slide presentation

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “Tenable Cloud Risk Report 2024” (white paper)

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

• Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
• Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
• Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
• Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
• Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

• The announcement “Five Eyes Launch Shared Security Advice Campaign for Tech Startups”
• The main guides: 
  • “Secure Innovation: Security Advice for Emerging Technology Companies”
  • “Secure Innovation: Security Advice for Emerging Technology Investors”
• These complementary documents:
  • “Secure Innovation: Scenarios and Mitigations”
  • “Secure Innovation: Travel Security Guidance”
  • “Secure Innovation: Due Diligence Guidance”
  • “Secure Innovation: Companies Summary”

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

^{(Source: Vanson Bourne’s “AI Barometer: October 2024”)}

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

• “Do You Think You Have No AI Exposures? Think Again” (Tenable)
• “Shadow AI poses new generation of threats to enterprise IT” (TechTarget)
• “10 ways to prevent shadow AI disaster” (CIO)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (Tenable)
• “Shadow AI in the ‘dark corners’ of work is becoming a big problem for companies” (CNBC)

VIDEO

Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

• Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
• The importance of using strong MFA to secure users’ access to sensitive data
• The role of trusted devices in boosting and simplifying MFA
• Bad practices that weaken MFA’s effectiveness, such as:
  • Retaining weaker, password-only authentication protocols for legacy services
  • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

• The NCSC blog “Not all types of MFA are created equal”
• The NCSC guide “Multi-factor authentication for your corporate online services”

For more information about MFA:

• “Multifactor Authentication Cheat Sheet” (OWASP)
• “Deploying Multi Factor Authentication – The What, How, and Why” (SANS Institute)
• “How MFA gets hacked — and strategies to prevent it” (CSO)
• “How Multifactor Authentication Supports Growth for Businesses Focused on Zero Trust” (BizTech)
• “What is multi-factor authentication?” (TechTarget)

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

• Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
• Leverage advanced AI technologies to boost national security
• Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

• Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
• Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
• Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

• 4 in 10 state CISOs feel their budget is insufficient.
• Almost half of respondents rank cybersecurity staffing as one of the top challenges.
• In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
• More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:

• “What’s important to CISOs in 2024” (PwC)
• “The CISO’s Tightrope: Balancing Security, Business, and Legal Risks in 2024” (The National CIO Review)
• “State of CISO Leadership: 2024” (SC World)
• “4 Trends That Will Define the CISO's Role in 2024” (SANS Institute)

Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.

Imagine a bustling bank, made not of bricks and mortar, but of a swirling mass of data in the cloud. Account numbers, transaction histories and personally identifiable information (PII) zip across servers, powering the financial world. Holding all this sensitive data requires tremendous care. Therefore, securing this sensitive information is paramount.

This is where Tenable Cloud Security steps in, offering a data security shield specifically designed for the unique needs of financial institutions.

The challenge: A data deluge demands vigilance

Financial institutions generate massive volumes of data daily. While the public cloud offers unparalleled capacity to store such data, along with agility and scalability, the cloud also expands the attack surface. Legacy cybersecurity solutions are often unable to manage — let alone secure — the sheer volume of data and the variety of ways it is accessed, leaving organizations exposed to malicious actors. At the same time, financial institutions must keep up with new and evolving compliance standards and regulations set forth by governing bodies. Financial institutions need a security platform that helps them protect their data and maintain compliance.

Tenable Cloud Security’s advantage: Seeing beyond the walls

Tenable Cloud Security actively scrutinizes every corner of the cloud data vault, continuously and automatically.

"Without [Tenable Cloud Security], we would've been virtually blind to risks and threats impacting our sensitive data. [Tenable Cloud Security] allows us to preempt any issues and meet the requirements we're receiving from our business partners, with minimal effort.

— VP Security at a leading Fintech platform

Here's how Tenable empowers financial institutions:

• Protecting sensitive data: Tenable doesn't just guard the door; it knows what's inside and how to best protect it. It identifies and labels all data, like financial records and social security numbers, understanding its sensitivity and prioritizing its protection.
• Continuous monitoring: Imagine guards constantly scanning every inch of the vault. Tenable does the same digitally, using advanced technology to constantly search for suspicious activity and potential breaches. Any unusual movement of the data, either exfiltration or copying to a different and inaccessible location, triggers an alarm, allowing for immediate intervention.
• Policy enforcement: Just like a vault needs clear access protocols, so does your data. Tenable automates setting and enforcing cybersecurity policies across the entire cloud, ensuring everyone plays by the book and no unauthorized hands touch the valuables.
• Following mandated regulations: Financial institutions juggle a complex set of regulations and industry standards like the Payment Card Industry Data Security Standard (PCI-DSS). Tenable simplifies compliance with a host of international regulations by providing timely reports and audit trails.

Beyond traditional security: More than just a lock

Modern technology stacks for data storage require a modern cybersecurity stack. Traditional security solutions are unable to address the unique risks associated with storing data in cloud technologies. Financial organizations that leverage Tenable’s data security platform are able to meet existing and future challenges, including:

• Preventing data loss: Early detection and prevention of unauthorized data access can help organizations minimize financial losses and reputational damage, keeping valuable assets safe from even the most cunning thieves.
• Complying with regulations: Automated reports and adherence to the most stringent regulations and industry standards ensure compliance, saving time and resources.
• Automating workflows: Tenable automates tasks and provides deeper insights into how data behaves, enabling organizations to free up their valuable resources for other endeavors and make their security teams more efficient.
• Managing access: Just like knowing who has access to the vault is crucial. Tenable tracks who and what has access to data, ensuring only authorized parties can handle the data.

The future of financial security is data-centric

Tenable Cloud Security's data-centric approach positions it as a valuable partner, not just for guarding the perimeter but for understanding the inner workings of the vault and the most sensitive data within it. By leveraging Tenable’s capabilities, financial institutions can confidently embrace the cloud while ensuring the highest level of security for their most valuable assets — their data.

To learn more about how you can secure your data

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security in a Unified Cloud Security Solution
• Infographic: When CNAPP met DSPM
• Demo Video

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

A twitter TeachIn about marine protected areas, hosted by @RJ_Dunlap on 4/8/2013

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case

TORONTO – The Capital Markets Tribunal is seeking applications for membership to the Securities Proceedings Advisory Committee (SPAC).

TORONTO – Participating Canadian securities regulators today published the results of their 10th consecutive annual review of disclosures relating to women on boards and in executive officer positions, as well as the underlying data that was used to prepare the report.

TORONTO – The Canadian Securities Administrators (CSA) today published

TORONTO - The Canadian Securities Administrators (CSA) today published its biennial

#solo12fraud

Finding sources for funding research can be a demanding task, and one that's not always successful. A new trend that's emerging out of the necessity to fund projects that have no traditional means of support is "crowdfunding." A panel at SpotOnLondon weighs the resulting apprehensions and benefits.

Here is a Storify round up of the SpotOn London session: Incentivising Open Access and Open

Here is a Storify round up of the SpotOn London session: ORCID – why do we

Here is a Storify round up of the SpotOn London session: What do you need to

Here is a Storify round up of the SpotOn London session: Tackling the terabyte: how should

Marie Boran is a PhD candidate at the INSIGHT Centre for Data Analytics, the National

Here is a Storify collating the online conversation around the Open, Portable, Decoupled – How should

Here is a Storify collecting the online conversations from the Science games: does play work? session at

Here is a Storify collecting the online conversations from the Communicating Science in an Open Access

Here is a Storify collecting the online conversations from the, “The Dark Art of Dark

"Humanity pushes back! The Survey Corps develops a risky gambit— have Eren in Titan form attempt to repair Wall Rose, reclaiming human territory from the monsters for the first time in a century. But Titan-Eren's self-control is far from perfect, and when he goes on a rampage, not even Armin can stop him! With the survival of humanity on his massive shoulders, will Eren be able to return to his senses, or will he lose himself forever?"-- Page [4] of cover.

Kyle Barnes has been plagued by demonic possession all his life and now he needs answers. Unfortunately, what he uncovers along the way could bring about the end of life on Earth as we know it.

"Nothing about Saitama passes the eyeball test when it comes to superheroes, from his lifeless expression to his bald head to his unimpressive physique. However, this average-looking guy has a not-so-average problem— he just can't seem to find an opponent strong enough to take on! An emergency summons gathers Class S heroes at headquarters … and Saitama tags along. There, they learn that the great seer Shibabawa left the following prophecy: "The Earth is in danger!" What in the world is going to happen?!" -- Description provided by publisher.

Nothing about Saitama passes the eyeball test when it comes to superheroes, from his lifeless expression to his bald head to his unimpressive physique. However, this average-looking guy has a not-so-average problem-he just can't seem to find an opponent strong enough to take on! When aliens invade Earth, a group of Class-S heroes finally finds a way to fight back and go on the offensive. Inside the enemy mother ship, Saitama fights Boros. Faced with the alien's frightful power, he decides to get serious! What is the Earth's fate?!

"Hero hunter Gato intensifies his onslaught, so of course Saitama decides now is the perfect time to join a combat tournament. Meanwhile, Class-S hero Metal Bat takes an assignment guarding a Hero Association executive and his son, and before long trouble appears!" -- Description provided by publisher.

"Kyle is faced with the most emotional exorcism he's performed yet … as he begins to learn more about his abilities and what's really happening around him. The pieces are starting to fall into place as secrets are revealed that will change everything." -- Description provided by publisher.

Kyle Barnes has been plagued by demonic possession all his life. In light of recent revelations, he finally feels like he's starting to piece together the answers he's looking for. But while he feels a new sense of purpose is Reverend Anderson's life falling apart?

"Answers are given, secrets are revealed, and the Barnes family has never been in more danger. Allison learns that there's something very special about her daughter, bu where's Kyle? Will Anderson risk everything to save him?' -- Page 4 of cover.

"As the House of Slaughter arrives to clean up the situation by any means necessary, Erica will find that the true threat to those around her isn't who— or what— she ever expected. And the cost of saving the day may be too high for anyone to pay … ." -- Description provided by publisher.

"A desperate call for help interrupts holiday celebrations at the Bureau of Balance, and sends Taako, Magnus and Merle on a high-stakes mission to find and reclaim a fourth deadly relic: a powerful transmutation stone, hidden somewhere in the depths of a floating arcane laboratory that's home to the Doctors Maureen and Lucas Miller. An unknown menace has seized control of the stone, and is using it to transform the lab into a virulent pink crystal that spreads to everything it touches. It's only a matter of time before this sparkling disaster crash-lands, but in order to find the stone and save the whole planet from being King Midased, our heroes will have to fight their way through a gauntlet of rowdy robots and crystal golems, decide whether they can trust the evasive Lucas Miller, and solve the mystery of what— or who— has put them all in peril, before there's no world left to save." -- Provided by publisher

"Set in the years leading up the Hugo and Nebula Award-winning Dune— 'Dume: House Atreides transports readers to the far future on the desert planet Arrakis where Pardot Kynes seeks its secrets. Meanwhile, a violent coup is planned by the son of Emperor Elrood; an eight-year-old slave Duncan Idaho seeks to escape his cruel masters; and a young man named Leto Atreides begins a fateful journey. These unlikely souls are drawn together first as renegades and then as something more, as they discover their true fate— to change the very shape of history!" -- Description provided by publisher.

"The one who wields the fire power is destined to save the world, but Owen Johnson has turned his back on that life. But after the Dragon's Claw's attack, Owen and his family are reeling from the loss— and more danger lurks on the horizon!" -- Description provided by publisher.

"Sheriff Mal Reynolds has a new partner— a law enforcing robot from the Blue Sun corporation, who doesn't care about motives, about mercy, about anything other than enforcing the law— no matter the cost. The Blue Sun Corporation has helped to run the universe from the shadows for years, but they're ready to step into the light and take over. If Mal wants to keep his job and protect his sector, the smart move would be to play by their rulebook. But for Mal, there's really one choice— reunite the crew of the Serenity for one last impossible job to save the 'verse. Greg Pak and artist Dan McDaid launch Mal & the crew of Serenity into their biggest war yet, officially continuing Joss Whedon's acclaimed series." -- Provided by publisher.

"When 18-year-old Klaus gets himself kicked out of the Umbrella Academy and his allowance discontinued, he heads to a place where his ghoulish talents will be appreciated— Hollywood. But after a magical high on a stash stolen from a vampire drug lord, Klaus needs help, and doesn't have his siblings there to save him." -- Provided by publisher.

"When Kristen Radtke was in her twenties, she learned that, as her father was growing up, he would crawl onto his roof in rural Wisconsin and send signals out on his ham radio. Those CQ calls were his attempt to reach somebody— anybody— who would respond. In Seek You, Radtke uses this image as her jumping off point into a piercing exploration of loneliness and the ways in which we attempt to feel closer to one another. She looks at the very real current crisis of loneliness through the lenses of gender, violence, technology, and art. Ranging from the invention of the laugh-track to Instagram to Harry Harlow's experiments in which infant monkeys were given inanimate surrogate mothers, Radtke uncovers all she can about how we engage with friends, family, and strangers alike, and what happens— to us and to them— when we disengage. With her distinctive, emotionally charged drawings and unflinchingly sharp prose, Kristen Radtke masterfully reframes some of our most vulnerable and sublime moments." -- Provided by publisher.

"A deadly typhoon, a mysterious creature and a girl who won't quit. In 2020, a large creature rampages through Tokyo, destroying everything in its path. In 1959, Asa Asada, a spunky young girl from a huge family in Nagoya, is kidnapped for ransom— and not a soul notices. When a typhoon hits Nagoya, Asa and her kidnapper must work together to survive. But there's more to her kidnapper and this storm than meets the eye. When Asa's mother goes into labor yet again, Asa runs off to find a doctor. But no one bats an eye when she doesn't return— not even as a storm approaches Nagoya. Forgotten yet again, Asa runs into a burglar and tries to stop him on her own, a decision that leads to an unlikely alliance." -- Provided by publisher.

"Asa and Kasuga see the tail of a giant creature rise from the water. In a jungle, explorers discover massive claw marks in a tree trunk. And years later in 1964, a mysterious military man appears asking all the wrong questions." -- Provided by publisher.

"The stage is set for the final battle as the first ever Firefly event concludes, with Sheriff Mal Reynolds— yeah, he's still getting used to it too— making a choice that may cost him those he loves most, whether he knows it or not … Shocking losses lead to stunning decisions as Mal and the crew of Serenity must face the consequences of their choices in war against the Blue Sun Corporation. The 'Verse is changing in ways no one ever expected— and a new chapter of Firefly begins here." -- Provided by publisher.

"France spirals towards a civil war, as nobles continue to ignore the people of France. Noblewoman Oscar Fraṅois de Jarjayes is forced to reconsider her life as a soldier and a woman, her loyalties and her love. Marie Antoinette and the royal family seek escape, while Robespierre and the National Assembly take up arms and demand democracy." -- Provided by publisher.

"The Joker is dead. There is no doubt about that. But whether Batman finally snapped his scrawny neck or some other sinister force in Gotham City did the deed is still a mystery. Problem is, Batman can't remember … and the more he digs into this labyrinthine case, the more he starts to doubt everything he's uncovering. So who better to set him straight than … John Constantine? The problem with that is as much as John loves a good mystery, he loves messing with people's heads even more. So with John's 'help', the pair will delve into the sordid underbelly of Gotham as they race toward the mind-blowing truth of who murdered The Joker." -- Page [4] of cover.

Here is a Storify collecting the online conversations from the “How are online tools changing

The annual conference, SpotOn London, will be taking place at the Wellcome Trust on Friday,

To accompany this year’s SpotOn London conference, at the Wellcome Trust on Friday, 14 November

Article PDF (download)

In 2021, General Secretary Xi Jinping solemnly declared that China's poverty alleviation battle has achieved a comprehensive victory. However, there is still a long way to go to solve the problem of unbalanced and insufficient development, narrow the development gap between urban and rural areas, and achieve comprehensive human development and common prosperity for all people.

Since the 18th National Congress of the Communist Party of China, China’s economicdevelopment has entered a new stage. Under the circumstances, the goal of “Common Prosperity” has attracted more and more attention over the past several years. China’s long-term implementation of urban-biased policies led to a huge gap between urban and rural areas for a long time and hindered the realization of common prosperity.

2022年，世界面临多重危机。旷日持久的2019冠状病毒病疫情(COVID-19)、重大自然灾害、内乱和政治动荡以及气候变化日益严重的影响对食物系统的破坏仍在继续，而与此同时，俄乌战争和通货膨胀加剧了全球粮食和化肥危机。危机数量不断增加，多种危机的叠加影响日益加剧，饥饿人口和流离失所者数量不断攀升，促使人们呼吁重新思考粮食危机应对措施，从而为变革创造了一个真正的机会。

Full Book [download]